Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/iBFQXwHJDt-KDf67e2vs0bVlb_w.roa
File:                     iBFQXwHJDt-KDf67e2vs0bVlb_w.roa (raw, json)
Hash identifier:          QkJHDBTDWcwP5XzvLdR+E4azyFx/ZC108fGYvKd1u5o=
Subject key identifier:   88:11:50:5F:01:C9:0E:DF:8A:0D:FE:BB:7B:6B:EC:D1:B5:65:6F:FC
Certificate issuer:       /CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
Certificate serial:       018DA832B00A3E0B7D20F7BB28D29FEE1E10
Authority key identifier: D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/iBFQXwHJDt-KDf67e2vs0bVlb_w.roa
Signing time:             Wed 14 Feb 2024 15:18:30 +0000
ROA not before:           Wed 14 Feb 2024 15:18:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2635
IP address blocks:        5.100.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:32:b0:0a:3e:0b:7d:20:f7:bb:28:d2:9f:ee:1e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
        Validity
            Not Before: Feb 14 15:18:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8811505f01c90edf8a0dfebb7b6becd1b5656ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2b:ed:74:36:ea:2c:3d:87:46:78:58:97:22:
                    e6:7d:a2:0c:9d:ed:9f:1b:2e:12:8c:45:ae:67:75:
                    fb:a3:f5:50:de:53:49:ba:bc:08:62:fa:16:d0:f4:
                    89:66:38:aa:59:62:4d:bc:f2:62:18:23:f2:d2:26:
                    4d:07:b6:71:96:ef:23:cd:38:4a:c4:09:8b:9c:e2:
                    bf:8a:04:6b:0f:d3:01:19:f5:85:34:c7:62:96:5e:
                    d9:48:f9:ae:b2:1f:45:48:c1:12:d4:de:81:60:59:
                    1d:4d:b1:d1:54:4d:68:ac:69:09:e1:3f:8d:db:61:
                    b6:12:e4:7f:03:82:82:53:37:70:d7:b3:43:62:9b:
                    86:c4:53:7f:39:aa:bb:a5:85:40:84:ab:4a:70:7d:
                    b3:5d:a2:72:8a:25:61:32:8e:e2:ab:69:6f:c5:3b:
                    34:ab:15:51:41:33:0a:e3:ff:68:68:3c:bf:c5:79:
                    f2:22:a1:a4:9b:5b:18:cc:54:56:18:64:c0:61:93:
                    4f:22:1c:0b:69:6c:c9:b9:69:6d:c5:95:be:29:64:
                    16:f5:5e:d5:c2:7b:4e:ae:5e:7f:97:3c:10:34:2e:
                    1a:0b:f1:91:c2:6c:e8:2b:bf:0a:8e:16:06:dd:14:
                    af:56:d6:11:5e:09:06:a1:0c:8c:fd:31:7d:6c:63:
                    2b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:11:50:5F:01:C9:0E:DF:8A:0D:FE:BB:7B:6B:EC:D1:B5:65:6F:FC
            X509v3 Authority Key Identifier:
                keyid:D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/iBFQXwHJDt-KDf67e2vs0bVlb_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:20:a8:ed:aa:25:3f:59:fc:08:42:04:9b:ec:b3:f0:24:47:
         33:1e:e5:9f:21:52:92:d8:ae:67:32:21:5d:c2:1f:4a:d5:e9:
         68:18:3c:a9:7c:d2:a4:63:1f:3e:02:f9:88:3d:d8:4d:78:41:
         d6:b2:ae:24:76:7f:e2:87:0d:e8:a8:c5:75:15:06:5b:8a:18:
         42:36:1b:aa:78:ce:dc:b3:7a:7d:d2:5a:45:49:b6:05:d7:89:
         30:48:df:81:61:56:b3:f9:ea:a0:1a:06:18:ea:10:64:dd:23:
         ca:3e:cc:1d:5e:d4:43:99:e1:a7:24:bd:3d:b3:ce:47:5b:89:
         13:53:56:74:6c:8e:1e:6b:c1:d0:bf:22:ad:56:92:3b:56:3e:
         96:e0:aa:4f:50:e4:62:f5:dc:fc:c0:85:33:41:a0:f6:48:b1:
         71:e9:30:36:a2:b5:f3:21:02:40:a4:58:78:1f:33:7e:c1:6f:
         0d:58:ec:a6:b7:5f:3a:59:d6:af:e6:02:bf:be:f9:fd:ff:16:
         ec:21:6b:b4:88:7b:c8:d5:3b:dd:bd:7c:87:58:54:87:65:47:
         c5:b7:21:fa:c4:ef:61:e0:cd:d1:fa:fc:c1:cc:54:7b:25:b1:
         d6:f8:05:a9:7c:02:27:a1:55:4f:c6:76:0f:93:7c:dc:0c:b0:
         2f:ab:09:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2oMrAKPgt9IPe7KNKf7h4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2FlOWRjOWY0M2EyNjllYjBhY2NmMzQ4OGU4NjFmNGZm
MGU4OWUwHhcNMjQwMjE0MTUxODMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODExNTA1ZjAxYzkwZWRmOGEwZGZlYmI3YjZiZWNkMWI1NjU2ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCvtdDbqLD2HRnhYlyLmfaIMne2f
Gy4SjEWuZ3X7o/VQ3lNJurwIYvoW0PSJZjiqWWJNvPJiGCPy0iZNB7Zxlu8jzThK
xAmLnOK/igRrD9MBGfWFNMdill7ZSPmush9FSMES1N6BYFkdTbHRVE1orGkJ4T+N
22G2EuR/A4KCUzdw17NDYpuGxFN/Oaq7pYVAhKtKcH2zXaJyiiVhMo7iq2lvxTs0
qxVRQTMK4/9oaDy/xXnyIqGkm1sYzFRWGGTAYZNPIhwLaWzJuWltxZW+KWQW9V7V
wntOrl5/lzwQNC4aC/GRwmzoK78KjhYG3RSvVtYRXgkGoQyM/TF9bGMrVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgRUF8ByQ7fig3+u3tr7NG1ZW/8MB8GA1UdIwQY
MBaAFNF66dyfQ6Jp6wrM80iOhh9P8OieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUt
ZmRhNGU4YTViNDZlLzEvaUJGUVh3SEpEdC1LRGY2N2UydnMwYlZsYl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUtZmRhNGU4YTViNDZl
LzEvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWScMA0G
CSqGSIb3DQEBCwUAA4IBAQC5IKjtqiU/WfwIQgSb7LPwJEczHuWfIVKS2K5nMiFd
wh9K1eloGDypfNKkYx8+AvmIPdhNeEHWsq4kdn/ihw3oqMV1FQZbihhCNhuqeM7c
s3p90lpFSbYF14kwSN+BYVaz+eqgGgYY6hBk3SPKPswdXtRDmeGnJL09s85HW4kT
U1Z0bI4ea8HQvyKtVpI7Vj6W4KpPUORi9dz8wIUzQaD2SLFx6TA2orXzIQJApFh4
HzN+wW8NWOymt186Wdav5gK/vvn9/xbsIWu0iHvI1TvdvXyHWFSHZUfFtyH6xO9h
4M3R+vzBzFR7JbHW+AWpfAInoVVPxnYPk3zcDLAvqwlC
-----END CERTIFICATE-----